Facebook
Twitter
P
popminister
Guest
It seems to be impossible to setup a secure mod_php environment because of some famous php-scripts which won't run with secure settings.
You can put the scripts into the open_basedir jail but if you don't use the option to disable functions like exec() or system() users still can browse through foreign directories. This is because of the fact that all scripts run from the same user account e.g. apache which has got the rights to access all users web directories.
So at the moment it seems for me to be the best solution to switch back to the cgi solution like it was used in confixx, which was my last controlpanel software.
The cgi-solution makes it impossible to run the scripts with the rights of the webuser and so the users can't access foreign directories.
But the question is: How can this be done with plesk? I need to modify the entries which plesk adds to all virtual host directives it writes into /etc/httpd/httpd.include.
Any ideas?
Thanks in advance
Popminister
You can put the scripts into the open_basedir jail but if you don't use the option to disable functions like exec() or system() users still can browse through foreign directories. This is because of the fact that all scripts run from the same user account e.g. apache which has got the rights to access all users web directories.
So at the moment it seems for me to be the best solution to switch back to the cgi solution like it was used in confixx, which was my last controlpanel software.
The cgi-solution makes it impossible to run the scripts with the rights of the webuser and so the users can't access foreign directories.
But the question is: How can this be done with plesk? I need to modify the entries which plesk adds to all virtual host directives it writes into /etc/httpd/httpd.include.
Any ideas?
Thanks in advance
Popminister
